Email or username:

Password:

Forgot your password?
洪 民憙 (Hong Minhee)

I received a request from @ghost today to add #LDSignatures to @fedify for compatibility with #Mastodon, as Mastodon does not plan to implement Object Integrity Proofs (FEP-8b32) for the near future. 😩

However, Mastodon's implementation of LD Signatures does not even use valid JSON-LD properties (despite the name), so I'm not sure how to make it compatible with Mastodon since #Fedify does JSON-LD processing. 🤔

#ActivityPub #fedidev

15 comments
洪 民憙 (Hong Minhee)

As the creator of Fedify, I'd like to see either ActivityPub implementations all deal with JSON-LD properly, or the ActivityPub spec gives up on JSON-LD. 😩

wakest ⁂

@hongminhee hey @thisismissem, @andypiper what do yall think of this situation? where are we going here? I keep seeing dev after dev complain about the JSON-LD issue with Mastodon and I personally dont even know where to stand on it but it seems its a major hurdle.

Andy Piper

@liaizon @hongminhee @thisismissem I think it may be something long-standing here, is there an existing GitHub issue where I can get more background? I know it’s pretty complicated at this point though.

Andy Piper

@liaizon @hongminhee @thisismissem (also asking as I’m on my phone walking right now and can’t search so easily!)

Emelia 👸🏻

@andypiper @liaizon @hongminhee the version of JSON-LD Signatures that mastodon supports is old, basically they implemented it, then the spec completely changed.

That's why stuff doesn't look right.

The question is then: how do you migrate forwards without breaking compatibility with existing deployments. That's gonna need time & money thrown at the problem to solve.

Andy Piper

@thisismissem @liaizon @hongminhee agreed that it will take a while to resolve things due to the scale of the deployments.

silverpill

@thisismissem @liaizon @andypiper @hongminhee

FEP-8b32 is designed to be compatible with existing implementations. The upgrade path for Mastodon may look like this:

1. Support multiple public keys per actor
2. Start publishing second Ed25519 key as described in FEP-521a
3. Start adding FEP-8b32 integrity proofs in addition to LD signatures (as specified in "Backward compatibility" section of FEP-8b32)
4. Stop adding LD signatures

Andy Piper

@liaizon @hongminhee @thisismissem no promises on how quickly this can be resolved, but it is in progress. It needs more work and probably backporting etc. github.com/mastodon/mastodon/p

Sam Sethi :pc2red: ⁂

@hongminhee will @Mastodon lack of support for the AP standards slow the adoption of the fediverse? TrueFans are new to developing with AP. We use @fedify who have made it super easy but we wanted to use the "Listen" verb from the AP vocabulary but no AP client supports it. Mastodon doesn't for certain which is probably why other AP clients don't.

We also wanted to use the 'Summary' verb but Mastodon kept marking our notes as sensitive another bug not fixed.

Clairement crevée

@hongminhee @ghost @fedify these properties should be part of the https://w3id.org/security/v1 context, but it looks like we are omitting this context in some activities

Григорий Клюшников

Smithereen (I'm writing this from it) also does JSON-LD processing but also supports LD signatures. I don't understand what's the problem here — imo you aren't supposed to LD-process the signature itself. I remove it before any LD processing and treat it as a separate object passed alongside the main one.

silverpill

@hongminhee Do they want LD signatures in Fedify in order to process forwarded Create activities? I simply fetch object by its id when signer and actor do not match.

Go Up